- You spend 3 hrs 43 mins on your phone on average. Security is important.
- A SIM-swapping scam is a cyberattack used to steal your information and money, and it is on the rise.
- On average, $1,343 is drained from accounts due to identity theft. Avoid being a statistic.
Cybercriminals have a number of sophisticated ways to access your personal details and drain your accounts. But one often overlooked method, known as SIM-swapping, is on the rise.
Subscriber Identity Module (SIM) cards are where everything about you as a user, including your phone number, is stored through the Global System for Mobile Communications (GSM). Think of it as the home for all the personal information that you wouldn’t want to get into the wrong hands.
A SIM-swapping attack is when someone pretends to be you in order to take control of your phone number, then uses that number to gain access to your financial accounts through the second step of two-factor authentication (a text message or call sent to verify your identity).
It’s a scary, real, and, unfortunately, very effective tactic for exploiting unsuspecting people whose digital tools are poorly secured. Increasing your security awareness will stop you from becoming the next victim of cybercrime.
Hackers will often use different strategies to find identifying credentials, such as your name, age, date of birth, and interests, all of which paint a picture of plausibility that they are you. They gather this information through phishing or by searching the internet for details about you, whether on your social media channels or in publicly available information on the web.
While individually these tactics may not seem particularly sophisticated, together they can build credibility and allow a fraudster to assume your identity with limited technical know-how.
Posing as you with their newly acquired information, the fraudster will then call customer service at your phone company and, using a made-up reason (“my SIM card is damaged or lost”), convince the representative to port (or transfer) the details over to a new SIM card. The result? Full control over your telephone number. This means that the fraudster’s phone will receive your calls and text messages.
Next, they will use this weak point in multi-factor authentication (your phone number) to gain access to your email and financial accounts.
So how do you know if you’ve been SIM-swapped? You’ll typically find out you’ve been SIM-swapped when your phone number stops working. In the worst-case scenario, hackers can disable access to your email and bank accounts, dip into your hard-earned funds and drain you of thousands of dollars, leaving your credit and financial portfolio in a mess and you with a long-term headache to clear up.
Here are five steps you can take to avoid becoming the next victim of a SIM swap attack.
- Set a PIN (Personal Identification Number) code with your mobile carrier: Some mobile carriers allow you to add a PIN code for extra security. This adds another layer of protection so that changes cannot be made without that code.
- Reduce your digital presence: Review your digital presence on the internet, including your social media pages. Do you post publicly about your family's birthdays? Avoid oversharing personal details on social media as much as possible and delete details you previously shared.
- Use an authenticator app: Add an extra layer of protection with an authenticator app that requires extra verifiable information only available on your phone, making it that much harder for all but the most hardened hackers to steal your personal information.
- Screen your phone calls, texts, and emails: The best way to avoid attackers accessing your personal information is not to give them the opportunity to interact with you and trick you into divulging that information. Be vigilant about noticing odd numbers, emails that look too good to be true (don’t click unrecognized attachments), or text messages from people you don’t know. You may consider enrolling in the National Do Not Call Registry (https://www.donotcall.gov).
- Use strong and unique passwords: Create and use a complex and unique password for each of your accounts. Avoid repeating passwords that you use for any other accounts. When websites and online accounts are compromised, the lists of usernames, email addresses, and passwords are posted online. Passwords are revealed, and information that identifies the user, such as an email address, is exposed. That means a cybercriminal can search for other accounts linked to that user, such as work-related, social media, or banking accounts. When a fraudster discovers those accounts, they can easily try logging in with the exposed password and gain access if the password is reused. This is why having strong and unique passwords is important.
First Republic offers a range of cybersecurity services to proactively safeguard your accounts and improve your security posture. To schedule and learn more about these services, please contact your Preferred Banker, Relationship Manager, or Wealth Manager.